pyth0n1c
Merging in the changes made for the Detection as Code talk by Patrick and Eric at .conf22. These changes allow a user to remove all the Splunk content from security_content...
There were some naming issues causing a collision between the ESCU app and a custom app that has been generated by a user using the init functionality of contentctl.
Updating how Validation handles Content Validation Errors. All content is scanned and all validation errors are returned before any exceptions are raised. This makes pytest results easier to read and...
Add an additional field to savedsearches.conf called `request.ui_dispatch_app = SplunkEnterpriseSecuritySuite`. This ensures proper tracking/accounting for the context under which searches run in-app. There are a number of changes to other...
Experimental support for dashboards as first-class SecurityContentObjects.
This set of changes adds acs_deploy functionality to contentctl 4.x. It is mostly a port and cleanup of how it was implemented in contentctl 3.x. It also addresses some warnings...
Resolve dependabot PRs and update dependencies: https://github.com/splunk/contentctl/pull/141 https://github.com/splunk/contentctl/pull/140
Contains a number of user-contributed PRs. These PRs have been evaluated individually and approved, but the sum of these changes will be evaluated exhaustively together to ensure everything looks good....
When generating new content with: `python3 contentctl.py -p . new_content -t detection` and choosing SSA instead of ESCU, the generated detection .yml field is missing the _search_ field.
### Describe the bug

The following documentation states that if a keyboard interrupt is captured during a questionary.prompt() call, then `None` should be returned: https://github.com/tmbo/questionary/blob/cf10f3e650d1550376a8e908baa0c9811ef72041/docs/pages/advanced.rst#safe However, the codebase shows that...